This article can also be found in the Premium Editorial Download "Storage magazine: Salaries rise, but storage jobs get tougher."
Download it now to read this article plus other related content.
There are two solutions to this problem. First and foremost, encrypt your backups. There are a number of ways to encrypt data, such as using backup software encryption and encryption engines built into fabric switches, tape libraries and disk drives. The second solution is to not ship tapes offsite but to use a disk-based deduplication backup system that replicates your backups offsite. If you still want to make tapes, make them at your offsite location.
In my opinion,
| anyone in management who refuses to fund the security of backups should be relieved of their duties, and very well could be if things go wrong. Make sure that person isn't you. If your company is shipping unencrypted backup tapes with personal information on them, you should immediately notify your superiors in writing of the seriousness of this problem and request a project to solve it. Document your request and the response, especially if it's a negative one. Continue to make yourself a pain until they solve the problem or give you another job; you don't want the job of enabling identity thieves.
In sum, while some of these solutions may be simpler than others, a lot of what you can do to make your backups better comes down to understanding the limitations of what you're using and knowing how to document and improve your backup processes. Sometimes it pays to spend money on specialized backup tools that provide a clearer view of your backup environment.
This was first published in November 2008